PT-2026-3597 · Unknown · Meddream Pacs Premium
Marcin Icewall
·
Published
2026-01-20
·
Updated
2026-01-24
·
CVE-2025-53912
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MedDream PACS Premium version 7.3.6.870
Description
An arbitrary file read issue exists in the encapsulatedDoc functionality. A specially crafted HTTP request can lead to unauthorized file access. An attacker can send an HTTP request to the
encapsulatedDoc endpoint to trigger this issue. The vulnerability allows reading any file on the server.Recommendations
MedDream PACS Premium version 7.3.6.870: As a temporary workaround, consider disabling the
encapsulatedDoc endpoint until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Meddream Pacs Premium